QwikSec

Security Database

CVE

CWE

Training

CVE-2026-0655

Published: Mar 2, 2026

Modified: Mar 2, 2026

PUBLISHED

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822.

Vendor	Product	Versions
TP-Link Systems Inc.	Deco BE25 v1.0	affected `0 - <= 1.1.1 Build 20250822`

Weaknesses (CWE)

References

https://www.tp-link.com/sg/support/download/deco-be25/#Firmware

patch

https://www.tp-link.com/en/support/download/deco-be25/#Firmware

patch

https://www.tp-link.com/us/support/download/deco-be25/v1/#Firmware

patch

https://www.tp-link.com/us/support/faq/4993/

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.